---
title: ZITADEL Users
sidebar_label: Users
---

ZITADEL differs two different types of users:

- Users (Humans)
- Service Users (Machine Accounts)

<img src="/docs/img/guides/console/usersmenu.png" width="420px" alt="User types" />

A human user has an email address and a password, and can additionally save information about phone, nickname, gender, language.
A service user only has a name and a description aside his username.

A service user can be authenticated with JWT profile or Personal Access Tokens. Both methods can specify an expiry.
A human user can authenticate itself with his password, add multiple factors for additional security, and enable passwordless authentication.

Service users are primarily used to gain access for a backend service or iot device. The fact that service users can also be ZITADEL managers is used to restrict access to specific projects or organizations.
To get an understanding on how service users are used, take a look at our NextJS B2B Demo application.

## Create User

import CreateUser from './_create-user.mdx';

<CreateUser/>

## Metadata

When building complex applications, having the possibility to add metadata is essential.
ZITADEL provides a key value storage for users on the user pages.
Just navigate to the section **Metadata** and click on **edit**.

> In our [Point of Sales example](./projects#example) from the projects guide, you could add a `stripeCustomerId` as a metadata key. In your client application you could then easily fetch the customer from Stripe APIs for your payments.

<img
  width="460px"
  src="/docs/img/guides/console/usermetadata.png"
  alt="User Metadata"
/>

Metadata can requested via our auth and management APIs, from userinfo endpoint or ID Token.
To get your metadata from the userinfo endpoint, add `urn:zitadel:iam:user:metadata` to your authentication request. Take a look at our reserved scopes [here](/apis/openidoauth/scopes#reserved-scopes) or take a look at our [metadata guide](../customize/user-metadata).

You can then toggle **User Info inside ID Token** in your application settings, if you need this information in the ID Token too.

<img
  src="/docs/img/guides/console/appidtokensettings.png"
  width="650px"
  alt="ID Token settings"
/>

## Authorizations

As described in [Roles and Authorizations](./roles), authorizations are shown on user profile pages too.
If you need user roles in the user info endpoint, check the **Assert roles on authentication** checkbox in your project as described in [Authorizations](./roles#authorizations).
If you need them in your ID Token, toggle **User roles inside ID Token** in application settings.
